Walking into work through the South Lobby this morning I passed three monitors that normally have traffic, weather and footage from a traffic camera. The traffic monitor displays traffic information from WTOP normally, but today it showed cgidoctor.com. This page advised the user on how to remove fake antivirus infections. Links to remove fake antivirus went to a second site containing malicious code.
The monitor is a touchscreen, so I checked the history to see if anyone had been accessing something other than WTOP.com. While that wasn't an in-depth check, I think it's safe to say that yet again WTOP served up a banner advertisement that contained Fake AV social engineering.
That normal sites could attempt to send you malware via banner ads is not surprising to most people reading this site. Using URL filters and antivirus is necessary. So is a dose of common sense when the attack is trying to trick you into installing the virus rather than performing an exploit.